Monthly Archive for November, 2009

WordPress 2.8.6 Security Release

WordPress 2.8.6 is available for download. It’s another security release and was released two days ago. Below is a summary from the WordPress development blog:

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

You can download WordPress 2.8.6 here.

How To: Cisco and Microsoft VPN Through Firestarter on Ubuntu

After doing a fresh install of Ubuntu 9.10 Karmic Koala on my router, I realized that I had lost the ability to connect to my employer’s VPN. I use Firestarter for managing my firewall on this particular router.

As I usually do, I googled “firestarter vpn”. Much to my dismay, it appeared that the Firestarter website was no longer alive. Instead of the usual Firestarter page, a page filled with useless links about security and anti-virus loaded. Luckily I was able to access the cached version of the page from Google. Since then, it appears that the Firestarter website has come back to life.

I wanted to make a note of how to allow VPN connections in the event that the Firestarter website becomes inaccessible again; that’s basically the point of this post. The page on the Firestarter site that details VPN connections can be found here. This should apply to pretty much every Linux distribution, not just Ubuntu.

To allow VPN connections with the Microsoft VPN client, simply enter the following lines into /etc/firestarter/user-pre.

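# Forward PPTP VPN client traffic
# ($IF is the Internet-facing interface, $INIF the internal one;
#  TCP 1723 is the PPTP control channel, IP protocol 47 is GRE)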
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


And to allow VPN connections with the Cisco VPN client, enter the following lines into /etc/firestarter/user-pre.

# Forward Cisco VPN client traffic
# (UDP 500 is IKE/ISAKMP key exchange, IP protocol 50 is ESP)
$IPT -A FORWARD -i $IF -o $INIF -p udp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Finally, if you’re running a Microsoft VPN server and want to allow incoming PPTP VPN connections, add the following lines to /etc/firestarter/user-pre.

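# Forward PPTP VPN connections to internal server
# (the PREROUTING DNAT rules rewrite the destination to $SERVER;
#  the FORWARD rules then let the rewritten traffic through)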
SERVER=192.168.0.100 # Internal VPN server

$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p tcp --dport 1723 -j DNAT --to $SERVER
$IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p 47 -j DNAT --to $SERVER

That should pretty much cover it. If you are using OpenVPN, head over to the Firestarter VPN configuration page for details.
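
An added example, not part of the original post or of Firestarter: a small audit of a user-pre file that lists Internet-to-LAN FORWARD rules accepting NEW connections with no destination match, run on the PPTP server block above and on a variant scoped with -d $SERVER. The function name audit_user_pre and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Firestarter's own code. Assumes the page's rule style:
# $IF is the Internet-facing interface and $INIF the LAN interface.

# audit_user_pre FILE
# Prints "LINE: RULE" for every Internet-to-LAN FORWARD rule that accepts
# NEW connections with no -d/--destination match. Returns 1 if any are found.
audit_user_pre() {
    awk '
        /^[[:space:]]*#/ { next }    # ignore comment lines
        /-A FORWARD/ && /-i \$IF / && /-o \$INIF / && /-j ACCEPT/ {
            if ($0 ~ /--state [A-Z,]*NEW/ && $0 !~ / (-d|--destination) /) {
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample 1: the PPTP server block as given on the page.
page_rules=$(mktemp)
cat > "$page_rules" <<'EOF'
SERVER=192.168.0.100 # Internal VPN server
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p tcp --dport 1723 -j DNAT --to $SERVER
$IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p 47 -j DNAT --to $SERVER
EOF

# Constructed sample 2: same block with FORWARD scoped to the VPN server.
# DNAT runs in PREROUTING, so FORWARD already sees $SERVER as destination.
scoped_rules=$(mktemp)
cat > "$scoped_rules" <<'EOF'
SERVER=192.168.0.100 # Internal VPN server
$IPT -A FORWARD -i $IF -o $INIF -d $SERVER -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p tcp --dport 1723 -j DNAT --to $SERVER
$IPT -A FORWARD -i $IF -o $INIF -d $SERVER -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p 47 -j DNAT --to $SERVER
EOF
trap 'rm -f "$page_rules" "$scoped_rules"' EXIT

audit_user_pre "$page_rules"   || echo "page block: unscoped rules listed above"
audit_user_pre "$scoped_rules" && echo "scoped block: no unscoped rules"
```

The same check flags the client-side blocks as well, since their inbound rules also match any internal destination.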


